Re: Strange safe level change

Eric H. wrote:

security level…
1.8.4
if (OBJ_TAINTED(method)) {
safe = NOEX_WITH(data->safe_level, 4)|NOEX_TAINTED; }

Yes, I got the idea for the example from looking at this particular spot
;-). Interesting, that if your current $SAFE level is 1, such method
invocation switches it to 5.

$SAFE is only changed for the method invocation, it does not leak
into the surrounding process. puts $SAFE afterward shows the
original safe level.

You are absolutely right. However, what if a method invoked in such a
way is a starting point for your entire subsystem? :wink:

I wonder, what is the reason for such a behavior? I am sure there’s a
very good one.

Gennady.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs